NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Windows Patch for RPC Sealing and Samba for ReadyNAS 4220S
I have a ReadyNAS 4220S running 6.9.3 that is being used for SMB shares. The problem we just found out is that Microsoft is patching RPC authentication to stop RPC Signing and only allow RPC Seal...
Hello JayLim77
And welcome to the NETGEAR Community! 🙂
Yes, Microsoft have released its initial security deployment it is in initial deployment phase and it is released in Nov 8 2022.
And as you mentioned the patch will be enforced soon.
And ReadyNAS updated firmware version is 6.10.8 and it will not probably update the version in near future.
Please keep the device in the updated firmware to avoid the vulnerabilities.
Probably it is will not affect the NAS in which the change by the Microsoft.
If your issue is resolved please close the thread by clicking "Accept as solution".
Have a lovely day,
AnkitGH
Netgear Team
AnkitGH wrote:Hello JayLim77
Probably it is will not affect the NAS in which the change by the Microsoft.
Your best answer is probably it won't affect the NAS? That just won't do. From what I have read, it very much will affect anyone using AD integration to access the NAS, which I assume the original poster is doing.
Thanks Sandshark that is exactly what I am doing.
The ReadyNAS is connected to AD and using security groups for its SMB Shares.
We have worked with Synology, NetApp, Hitachi HNAS, 45Drives with TrueNAS, and Samba based Unix-like systems. All of them are jumping in to get a fix out, or already have, before the change is applied in July by Microsoft.
This is a major issue as all access will be lost by AD based users. From the response it looks like Netgear does not have fix for ReadyNAS and that will mean any and all of these systems connected to AD will stop working.
Every indication is that Netgear is silently exiting the NAS business and just leaving it's customers hanging. I think you should go on the assumption that Netgear will do nothing. If that's not the case, you'll be pleasantly surprised. Better that than caught with your pants down when the patch is implemented.
The NAS will not cease to work, but you'll have to change from AD to local access control. Depending on how many users that is, it could be a daunting task. Can you re-purpose your Netgear products as backup only, so not as many need access? Unfortunately, I have no idea how to migrate from AD integration.
Another option is installing a generic Linux system since it's basically just an Intel-based motherboard. The best way to do that is to temporarily remove the 10GBE card and install a video card. Once you've installed and set things up for headless operation, you can swap back in the Ethernet card. I have read that a DisplyLink USB video adapter has Linux support. So if you need to maintain a display, you could see about using one of them.
I just wanted to add I updated the ReadyNAS OS to 6.10.8 and logged in by SSH. I then ran smbstatus | grep version, which output:
#smbstatus | grep version #Samba version 4.8.0I checked the 4.8.0 version of Samba and the release notes from samba.org. This version is from March 13, 2018 as per https://www.samba.org/samba/history/samba-4.8.0.html
This is pretty bad that the version of Samba on the ReadyNAS, which is one version behind the currently available to download on this site and is the currently advertised version by auto update, is so far out of date and is over 5 years old.
This is just an FYI for all to know.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
